Skip to content
This repository
tree: 9ca167f84e
Fetching contributors…

Cannot retrieve contributors at this time

file 115 lines (75 sloc) 3.706 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115

.. todolist::


*********
TODO List
*********

Bugfixes
========

* Ensure each modules is running ony one time, it works but easy to do a misake
* There is actually a problem with the slave database: it takes **to much** time.
  The proper fix it the move the temporary data from the global database to an other one,
  not synchronized with the slave.
* Ensure there is a ranking to post before posting a message on twitter and identica.

Improvements
============

* use python-whois as an external dep instead of the bundled version
  (http://gitorious.org/python-whois)

* Extract interesting informations of the bview file, prepare to do a diff ::
    ``egrep -w "^$|PREFIX:|ASPATH:"| awk -F' ' '{print $NF}' | sed 's/^$/XXXXX/' | tr '\n' ' ' | sed 's/XXXXX/\n/g'| sed 's/^ //' | sort | uniq``

* Find a way to ensure everything if working and send a mail if there is a problem somewhere

* Make a "standard module" which just look for IP Addresses in a file.

* Reduce the length of the keys (idea of adulau)::

    5577|2011-03-30|URLQuery|rankv4
    -> 5577|20110330|1|4

    1->URLQuery
    4->rankv4

* Invent a favicon/logo

* Adulau said:
    "Maybe we should work in the future on a way to publish and share the source "unique" name , with their urls and a recommended impact."
  I agree. :-)
    Work in progress: "unique" name/urls/impact are now saved in the redis database

* Ranking = 1 + IP Occ + IP Net - logarithm ? (adulau)

* add list: http://www.atma.es/atma.p2p

* add lists: http://labs.snort.org/iplists/

* print month average on ASN Details

* whitelisting Google, AOL, Cogent...

* plugin munin (feeds, dispo, ips...)

New functionalities
===================

* "Static lists": the Russian Business Network list provided by emergingthreats.net is a good example:
  It is not really a "malware list" but will give information on "probably bad IPs" and it should be possible to,
  when you want more information about an ASN, know that the ASN has IP in this list.

* Ranking by subnet can be improved: we divide the number of IPs found in a subnet by
  the total of IPs announced by the AS. Like this, we just have to add the ranks of
  each subnet of the AS to get the global rank of the AS.

  It might be interesting to compute the division of the number of IPs found in a subnet
  by the size of this subnet and to compare it to the global rank of the AS: if we have a
  (big) difference, we can be sure that this particular subnet is better/worse than the
  rest of the subnets announced by the AS. And investigate it further.

* read the code of Khanku (http://gitorious.org/~khanku/bgp-ranking/predictive-bgp-ranking/)
  ans find a way to handle this usage of the ranking system in the main trunk

* Module which ping a list of URL known as malicious and insert the IP in the system.

* API (telnet like ?) -> See https://github.com/adulau/bgpranking-API
    - get the weight of each source
    - get the rank of a subnet/asn (by whatever you want)

* grab files using rsync, example : http://psbl.surriel.com/howto/

* handle this lists?
    - https://www.projecthoneypot.org/index.php

Documentation
=============

* How-to generate customer_{key,secret} and access_token_{key,secret} on twitter and identica

Microblogging client
====================

* Post when a new ranking has been computed
* Possiblity to do query on AS/IP

Website
=======

Homepage
--------

* latest ranking of each source available

ASN Details
-----------
* highligh depending on the number of sources where it has been found + credibility
* ability to display the details of the other days (click on the graph?)

IP Details
----------

* highligh the IPs found in more than one source
Something went wrong with that request. Please try again.